Bugtraq mailing list archives

Re: LD_ hole (was Re: IFS hole?)


From: howie () ivory cc columbia edu (Howie Kaye)
Date: Wed, 15 Dec 93 19:17:26 EST


This depends on the real uid being different from the effective uid.  If
your program does something like "setuid(geteuid())", then you lose this
protection.  If you then run another program, it will be running as root,
and won't look like a suid'ed program, just something running as root.  It
will then look at the LD_LIBRARY_PATH.

 -----------------------------
Howie Kaye                              howie () columbia edu
Columbia University                     hlkcu@cuvma.bitnet
AcIS UNIX Systems Group                 ...!rutgers!columbia!howie
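
The condition described in the message above, as an added example that is not part of the original post: `linker_honors_ld_env` is a hypothetical model of the real-uid/effective-uid test (not any linker's actual source), and `scrub_ld_env` is one way a privileged program can drop `LD_*` variables from the environment it hands to a child. The uids and environment strings are constructed sample values.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Model of the check described above (an assumption for illustration, not
 * any real linker's source): LD_* variables are ignored only while the
 * real and effective uid differ. */
static int linker_honors_ld_env(uid_t ruid, uid_t euid)
{
    return ruid == euid;
}

/* Remove every "LD_*" entry from a NULL-terminated environment vector,
 * in place. Returns the number of entries removed. */
static int scrub_ld_env(char **envp)
{
    char **src, **dst;
    int removed = 0;

    for (src = dst = envp; *src != NULL; src++) {
        if (strncmp(*src, "LD_", 3) == 0)
            removed++;          /* drop it: do not copy forward */
        else
            *dst++ = *src;      /* keep it, compacting the vector */
    }
    *dst = NULL;
    return removed;
}

int main(void)
{
    /* Constructed sample environment and uids. */
    char *env[] = { "PATH=/bin:/usr/bin", "LD_LIBRARY_PATH=/tmp/lib",
                    "HOME=/home/user", "LD_PRELOAD=/tmp/x.so", NULL };
    uid_t ruid = 1000, euid = 0;
    char **p;

    printf("set-uid start:           honors LD_*? %d\n",
           linker_honors_ld_env(ruid, euid));
    ruid = euid;    /* effect of setuid(geteuid()) when euid is root */
    printf("after setuid(geteuid()): honors LD_*? %d\n",
           linker_honors_ld_env(ruid, euid));
    printf("scrubbed %d LD_* entries before exec\n", scrub_ld_env(env));
    for (p = env; *p != NULL; p++)
        puts(*p);               /* this vector would go to execve() */
    return 0;
}
```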


